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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings* of claims in the application; 
Listing of Claims: 

1. (Currently Amended) A method of providing remote cryptographic services, the 
method comprising at a biometric certification server (BCS) : 

ix client requesting a cryptographic s e rvic e ; 

establishing a secure connection between a the client and [[a]] the biometric certification 
server (BCS); 

receiving a request lbr a cryptographic service from the client; 
receiving biometric data from a user; 

the BCS generating a disposable public key/private key pair if the user is authenticated 
based on the biometric data; and 

the BCS performing the requested cryptographic service. 

2. (Previously Presented) The method of claim J, wherein the cryptographic service is 
authenticating the user to an other server. 

3. (Currently Amended) The method of claim 2, further comprising the BCS: 
certifying the public key; and 

forwarding the a certificate to the other server. 

4. (Currently Amended) The method of claim 3, further comprising: 
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the client receiving data from the other server for signing with tfee a user's private key; 

forwarding the data to the BCS; and 

the BCS signing the data with the a user's temporary private key. 

5. (Original) The method of claim 4, further comprising: 

the client generating a session key for use with the other server, and encrypting the 
session key with a public key of the other server; and 

the client closing the secure connection between the client and the BCS once the session 
is established between the client and the other server. 

6. (Original) The method of claim 2, further comprising: 

detecting an access to a certification database of the client by an other server; 

inserting a temporary certification from the BCS into the certification database of the 
client; and 

generating a true certificate if the other server chooses the temporary certification. 

7. (Original) The method of claim 1, wherein the cryptographic service is signing or 
encrypting data. 

8. (Original) The method of claim 7, further comprising the BCS: 
retrieving a private key/public key pair for the user; and 
performing the cryptographic service with the private or the public key. 
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9. (Previously Presented) The method of claim 1, wherein the client requesting a 
cryptographic service comprises one of the following: detecting an access to a certificate 
database of the client, detecting the user attempting to perform a cryptographic activity, 

10. (Currently Amended) A method of providing a certificate from a client to a third 
party server, the method comprising: 

receiving a request at the client for a certificate from the third party server; 

forwarding the request from the client to a biometric certification server (BCS); 

receiving a biometric identification from the client and forwarding the biometric 
identification to the BCS; 

if the biometric identification matches a registered user on the BCS, receiving a 
certificate including a public key of the client certified by the BCS, and 

forwarding the certificate, including the public key of the client certified by the BCS, to 
the third party server, thereby identifying the client to the third party server. 

1 1 . (Original) The method of claim 10, further comprising: 
detecting an access to a certification database by the server; 

inserting a temporary certification from the BCS into the certification database; and 
generating a true certificate if the server chooses the temporary certification. 

12. (Original) The method of claim 10, further comprising: 

the BCS generating a disposable public/private key pair in response to the request; and 
the BCS certifying the disposable public key of the user. 

Docket No: 03022P0I9 Page 4 of L7 WWS/WLJ/sm 

PAGE 26/39 * RCVD AT 1211 112007 6:46:42 PM [Eastern Standard Time] ' SVR:USPTO-EFXRF-5/27 * DNIS:2738300 * CSID:7145573347 ' DURATION (mm-ss):06-26 



DEC- 11 -2007 15:50 FROM : BSTZ 



7145573347 



TO:USPTO 



P.27'39 



Appl. No. 09/538,926 
Aindt dated 

Reply to Office action of June 1 1, 2007 

1 3. (Previously Presented) An apparatus for performing remote cryptographic functions 
comprising: 

a crypto-server having a crypto-proxy interface for receiving a request for a 
cryptographic function from a client on a secure connection; 

an authentication engine for authenticating the user based on biomctric data received 
through the crypto-proxy interface of the crypto-server; 

a cryptographic engine for performing the cryptographic functions after the 
authentication engine has authenticated the user based on the biometric data; and 

the crypto-proxy interface for returning data to the client, after the cryptographic 
functions arc performed. 

14. (Original) The apparatus of claim 13> further comprising: 
a database including user credentials; 

the authentication engine retrieving user biometric template from the database and 
comparing the biometric template to the biometric data received from the user. 

1 5. (Original) The apparatus of claim 13, further comprising: 

a dynamic generation engine for generating a temporary public key/private key pair, the 
key pair used for establishing a session between the client and an other server. 

16. (Original) The apparatus of claim 15, further comprising the cryptographic engine 
generating a certificate including the temporary public key, certified by the crypto-server's 
private key. 
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17. (Original) The apparatus of claim 1 5, the dynamic key generation engine destroying 
the temporary key pair after the session between the client and the other sewer is successfully 
established. 

1 8. (Original) The apparatus of claim 13, further comprising: 

user self> registration interface permitting a user io chose a handle and register a biometric 
template. 

1 9. (Original) The apparatus of claim 18, further comprising: 

a registration engine for receiving biometric data from the user during a registration 
process, and further for extracting the biometric template for the user; and 

a user credential database for storing the handle and the biometric template of the user. 

20. (Previously Presented) The apparatus of claim 19, further comprising: 

the registration engine further for generating a persistent private key/public key pair; and 

a database for storing the persistent private key/public key pair. 

2L (Original) The apparatus of claim 13, further comprising: 

a database for storing a persistent private key/public key pair; and 

the cryptographic engine for using the persistent private key or public key when 
appropriate to perform the cryptographic functions. 

22. (Previously Presented) An apparatus for permitting remote cryptographic Amotions 
comprising: 
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a crypto-APT (application program interface) for receiving cryptographic function 
requests; 

a cryptographic service provider for establishing a secure connection to a remote crypto- 
server;. and having the crypto-server perform the cryptographic function; and 

a sensor for receiving biomctric data from a user, the biometric data sent to the crypto- 
server to authenticate the user, the remote crypto-server to generate a disposable public 
key/private key pair and perform the requested cryptographic function when the user is 
successfully authenticated using the biometric data. 

23. (Previously Presented) An apparatus comprising: 

a client comprising: 

a crypto-API (application program interface) for receiving cryptographic function 
requests; and 

a cryptographic service provider for establishing a secure connection to a remote crypto- 
server, and having the crypto-server generate a disposable public key/private key pair and 
perform the cryptographic function; 

and a sensor for receiving biometric data from a user, the biometric data sent to the 
crypto-server to authenticate the user; 

the remote crypto-server comprising: 

a crypto-proxy interface for receiving a request for the cryptographic function from the 
client on the secure connection; 

an authentication engine for authenticating the user based on the biometric data; 
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a cryptographic engine for performing the ciyptographic functions; and 

the crypto-proxy interface for returning data to the client, after the cryptographic 
functions are performed. 

24. (Currently Amended) An apparatus, comprising; 

a crypto-scrver having a crypto-proxy interface for receiving a request for a 
cryptographic function from a client on a secure connection; 

an authentication engine to authenticate a user of the client based on biometric data of the 

user; 

a cryptographic engine to use the a user's private key, as a virtual smart card, to perform 
the requested cryptographic function after the user has been authenticated by the authentication 
engine; and 

the crypto-proxy interface for returning data to the client, after the cryptographic 
functions are performed. 

25. (Previously Presented) The apparatus of claim 24, wherein the cryptographic service 
is authenticating the user to an other server. 

26. (Previously Presented) The apparatus of claim 24, wherein the cryptographic service 
is signing or encrypting data. 
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